An ongoing adventure

OpenBSD Firewall/NAT With Comcast

This tip shows howto use OpenBSD as a firewall/nat device for a network using comcast or any other service provider that provides dynamic IP addresses.

You will need at least two NIC’s in your system, one for the internal network and one for the external network. For a quick run down of setting up NAT on OpenBSD look at this document.

Edit /etc/dhclient.conf and add the following:

interface “fxp0” {
send host-name “FIREWALL”;
request subnet-mask, domain-name-servers, domain-name, broadcast-address, time-offset, routers;

Replace fxp0 and FIREWALL with the proper settings.

If you previously had another device acting as your firewall you will need to unplug the power from your cable modem for about 30 seconds to let it cycle.

Now its time to grab a lease from the comcast network:

# dhclient fxp0

Add the following to /etc/hostname.fxp0 (replace fxp0 with your interface name):


View the current leases and information from the dhcp server at /var/db/dhclient.leases.fxp0